Caesars Entertainment disclosed that information from an undisclosed number of individuals, including 41,397 Maine residents, have been stolen following a ransomware attack by ALPHV/BlackCat affiliate Scattered Spider, according to The Register.
Attackers were able to infiltrate Caesars' network on Aug. 18 following a social-engineering attack against a third-party IT support vendor, which facilitated the exfiltration of data, including names and identification cards and/or driver's license numbers beginning Aug. 23, said the U.S. hotel, restaurant, and casino chain in a filing with the Office of the Maine Attorney General.
Caesars was previously reported to have paid a $15 million ransom to Scattered Spider, unlike MGM Resorts International, which was also compromised by the same threat operation around the same time.
"I'd love to tell you there was this, you know, 'a jump on a white horse moment and devil be damned we're not paying these bastards.' The reality is because we caught this so early and we were on them," said MGM Resorts International CEO Bill Hornbuckle in an interview with Bloomberg.
BleepingComputer reports vulnerable ConnectWise ScreenConnect servers impacted by the CVE-2024-1708 and CVE-2024-1709 flaws were observed by Sophos X-Ops researchers to have been subjected to numerous LockBit ransomware attacks since Feb. 21 .